need help identifying reject reason

keat63

Well-Known Member
Nov 20, 2014
1,839
220
93
cPanel Access Level
Root Administrator
I had a customer today saying that his email had been rejected as spam.
I'm not aware of any application that would reject an email at smtp time becuase it thought it was spam.
Certainly nothing that i've installed or ever seen in the last 6 years on Cpanel

I have a few RBL's but these reject on the basis that the sending IP/Domain is listed in an RBL, and not based on content.

I also have CSF mailscanner, but this would accept the message then quarantine or delete it, Mailscanner wouldn't send a rejection notice.

I can find no reference to this email in any of my exim logs.
I see no reference to my hostname or IP address in the reject headers.

I'm guessing that the bounce came from within the customers outlook environment, and nothing to do with anything at my end.

Could anyone help shed any light on where this reject notification came from, I'm not sure it came from me.

Code:
Diagnostic information for administrators:

Generating server: AM6EUR05HT256.mail.protection.outlook.com

[email protected]
Remote Server returned '550 5.7.520 Message blocked because it contains content identified as spam. AS(4567)'

Original message headers:

Received: from AM6EUR05FT052.eop-eur05.prod.protection.outlook.com

(2a01:111:e400:fc11::38) by

AM6EUR05HT256.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc11::373)

with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2707.21; Wed, 5 Feb

2020 12:02:54 +0000

Received: from AM5PR0902MB2097.eurprd09.prod.outlook.com (10.233.240.57) by

AM6EUR05FT052.mail.protection.outlook.com (10.233.240.128) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.2707.21 via Frontend Transport; Wed, 5 Feb 2020 12:02:54 +0000

X-IncomingTopHeaderMarker: OriginalChecksum:26505E3C1C19E9263B68794BA5F95258B80566B9013D13B08BE281388308F6A7;UpperCasedChecksum:94F2CFFC7ECA343B8F634C905B8835B8E89DFDCC59EBF58893F9D7FFE8F85F7C;SizeAsReceived:6637;Count:42

Received: from AM5PR0902MB2097.eurprd09.prod.outlook.com

([fe80::ddb1:52be:3f62:c25]) by AM5PR0902MB2097.eurprd09.prod.outlook.com

([fe80::ddb1:52be:3f62:c25%5]) with mapi id 15.20.2686.035; Wed, 5 Feb 2020

12:02:54 +0000

Content-Type: application/ms-tnef; name="winmail.dat"

Content-Transfer-Encoding: binary

From: Jon xxx<[email protected]>

To: My Company Ltd <[email protected]>

Subject: Order please

Thread-Topic: Order please

Thread-Index: AdXcHC5XfuGX9+JVS1qdiQWZkKTZIA==

Date: Wed, 5 Feb 2020 12:02:54 +0000

Message-ID: <[email protected]9.prod.outlook.com>

Accept-Language: en-GB, en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator: <[email protected]9.prod.outlook.com>

MIME-Version: 1.0

X-TMN: [p/4+lutf9RFsAcg1uVdX+/rbddTT0Y1u]

X-MS-PublicTrafficType: Email

X-IncomingHeaderCount: 42

Return-Path: [email protected]

X-EOPAttributedMessage: 0

X-MS-Office365-Filtering-Correlation-Id: 5ccf9aba-e5f6-4990-da50-08d7aa3354f2

X-MS-TrafficTypeDiagnostic: AM6EUR05HT256:
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
I can confirm that this is specific to Microsoft/Outlook

This error:
Remote Server returned '550 5.7.520 Message blocked because it contains content identified as spam. AS(4567)'
And related to them identifying "spam content" in the message. I used to manage a few exchange servers and recognize this as their error code/verbiage.

It would seem they've got an issue currently: Results in Outlook.com - Microsoft Community

There's a bunch of folks being flagged similarly.